So, imagine you go to the store, you ask to buy a coffee, there is no cash register, no transaction receipt is given to you, but you are handed the coffee. They don't say anything. Your payment is invisible. You don't know how much it will be but you agree to the opaque terms. If you get food poisoning later, it's going to be a huge hassle proving you were there, but it's possible. However, the authorities in charge of checking out food poisoning issues would need some proof. Maybe you threw away the cup, maybe you still have it. Maybe there is video surveillance and maybe not.

No receipt for tax purposes, or proving the cost from the vendor, or your expense report, or documentation about what you purchased.. no warranty or food safety proof, no date or time or place or anything. You just have a cup of coffee.

That's what it's like to go to a vendor online or on your phone, make an account and share some data. You do get something, but you don't really know what you "paid," you have no receipt after you agreed to get the service, and you have nothing from the vendor, other than maybe the confirmation email you received.

Now imagine the opposite:

You go to a digital vendor, you see the service's rating on the crowd sourced or professional review of the way the company will treat your personal data, and you see a comparison of how other similar services would treat your data. You pick one, and "consent" to share your information. A consent receipt is built, that shows you the vendor's TOU and Privacy Policy, the Consumer Reports-style rating and comparison from the consent date, the Date, Time and Jurisdiction you are in, your identifier, your terms such as a DNT signal, and the Jurisdictional requirements for treating personal data and consent. And your receipt is sent to you, and the vendor. Some statistics hit the public website, depersonalized but showing the world how vendors are doing with personal data consents. And you have a tweet that thanks the vendors doing good with your data, and asks the ones doing poorly why they aren't doing better.
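One way the receipt described above could be assembled, as an added example that is not from the original post or from any consent-receipt project: every field name, the use of SHA-256 digests and all sample values are assumptions made for illustration. A plain digest only lets the user's and vendor's copies be compared; it does not prove who issued the receipt.

```python
import hashlib
import json
from datetime import datetime, timezone


def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _canonical(obj: dict) -> bytes:
    # Stable serialization so the user's and the vendor's copies hash identically.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")


def build_receipt(vendor, tou_text, policy_text, rating, user_id,
                  user_terms, jurisdiction, requirements, when):
    """Build a receipt holding the items the post lists (field names are hypothetical)."""
    receipt = {
        "vendor": vendor,
        # Digests pin the exact TOU / Privacy Policy text that was consented to.
        "tou_sha256": _sha256(tou_text.encode("utf-8")),
        "privacy_policy_sha256": _sha256(policy_text.encode("utf-8")),
        "rating_at_consent": rating,
        "consent_time_utc": when.astimezone(timezone.utc).isoformat(),
        "jurisdiction": jurisdiction,
        "jurisdiction_requirements": sorted(requirements),
        "user_identifier": user_id,
        "user_terms": user_terms,  # e.g. a Do Not Track preference
    }
    receipt["receipt_sha256"] = _sha256(_canonical(receipt))
    return receipt


def receipt_is_intact(receipt) -> bool:
    """Recompute the digest over every field except the digest itself."""
    body = {k: v for k, v in receipt.items() if k != "receipt_sha256"}
    return receipt.get("receipt_sha256") == _sha256(_canonical(body))


def copies_match(user_copy, vendor_copy) -> bool:
    """Both parties hold a copy; a dispute starts by checking they are the same."""
    return (receipt_is_intact(user_copy)
            and receipt_is_intact(vendor_copy)
            and user_copy["receipt_sha256"] == vendor_copy["receipt_sha256"])


def policy_unchanged(receipt, current_tou, current_policy) -> bool:
    """Detect a vendor whose published terms differ from the ones consented to."""
    return (receipt["tou_sha256"] == _sha256(current_tou.encode("utf-8"))
            and receipt["privacy_policy_sha256"]
            == _sha256(current_policy.encode("utf-8")))


def public_statistic(receipt) -> dict:
    """Depersonalized record for the public site: no identifier, day-level date only."""
    return {
        "vendor": receipt["vendor"],
        "rating_at_consent": receipt["rating_at_consent"],
        "jurisdiction": receipt["jurisdiction"],
        "consent_date": receipt["consent_time_utc"][:10],
        "dnt_requested": bool(receipt["user_terms"].get("dnt")),
    }


# Constructed sample input, not real vendor data.
SAMPLE_TOU = "Terms of Use v1: the service is provided as is."
SAMPLE_POLICY = "Privacy Policy v1: we do not sell personal data."
SAMPLE_RECEIPT = build_receipt(
    vendor="example-vendor",
    tou_text=SAMPLE_TOU,
    policy_text=SAMPLE_POLICY,
    rating="B",
    user_id="user-123",
    user_terms={"dnt": True},
    jurisdiction="US-CA",
    requirements=["notice", "opt-out"],
    when=datetime(2014, 2, 8, 17, 0, tzinfo=timezone.utc),
)

if __name__ == "__main__":
    print(json.dumps(SAMPLE_RECEIPT, indent=2))
    print("intact:", receipt_is_intact(SAMPLE_RECEIPT))
    print("public statistic:", public_statistic(SAMPLE_RECEIPT))
```
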

There is your data, there is "little data" where when you share it, it's wrapped around you as the user, centralized. And that's "Big Data" that is really a large amount of "Little Data." Then there is Big Data that you as a user co-create with a vendor or service, that is relatable back to you but it's wrapped around objects, data models and identifiers that are first about the object and not about you. And then there is aggregated data that is depersonalized .. though it may still be possible with some detective work to find you.

My point in making this distinction is to note that talking about Big Data in an unspecific manner is a great opportunity to misunderstand, to miss potential solutions that apply to parts of this scale, but not all, and to talk past each other when we are discussing problems and solutions in the privacy arena.

Who says kids don't value privacy? And who says they won't pay for it? WhatsApp and Privacy

One of the interesting elements for me here is that kids were okay giving WhatsApp their data, for then (for now?), knowing there would be no ads, because it created "parent privacy" through the app, and reduced their costs sending TXT messages through the telcos.

I pay $20 a month for a flat rate of unlimited TXT msgs, SMS, *and* unlimited free cell-to-cell calls. I did it for the calls.. which anytime are 10cents during the day. I moved my plan from the 4th highest minutes, to the lowest, because almost all my calls are to other cells.

However, because I went from 500 texts (and 25cents for each additional) to unlimited, I now use about 2k texts. But every text is listed, time, date, phone number, on my bill, and that's easily sortable online if you log into the cell company's website. And my telco and many other apps have access to those messages.

Parents that want to track their kids, just sort the calls, track the times, etc.

Kids are paying $1 to both stop any additional costs for texting, and to stop the tracking.

I think this is a very interesting development.

What data does WhatsApp see in your phone?

Your phone has more intimate data about you than Facebook, in many ways because it's implicit, not explicit. WhatsApp doesn't need you to tell them your favorite movies or where you live; they know through the discussions, they know your real friends list based upon contacts and activity in your phone.

Here is the list of the data you agree to give WhatsApp for an Android install:

That's a lot of info. I would argue that this is more personal information than what you post voluntarily on FB.

But I think the kids were looking for Parent-Privacy, not Privacy from Telcos, the government or data aggregators mostly. And WhatsApp gives it to them, and reduces the costs of text messaging on the phone to $1 a year.

Brilliant, and worth every penny of the $16-19b Facebook paid. WhatsApp is reported to have 450m active users.. divide that into 19b and you get $45 a user.. or $16b is $35 a user.

When Flickr was bought, Yahoo paid $111 a user. With revenue of $25 a person x 60,000 paid users.
Myspace was $36.
Instagram was $28.
Skype was a whopping $264. See more at Statista.

I don't know how many paid users WhatsApp has, but the service is free the first year, then $.99 a year after that. I suspect we'll find out how many at the next quarterly call Facebook has, because I can't find anything with that number out there now.

But WhatsApp sold for an amount that is comparable for a "consumer" service. And reasonable, even if $19b is a mind-blowing number in the scheme of things.

UPDATED: As we get down to the wire on presentations tonight at 5pm, the room is quiet and everyone is working hard. One of our judges, K. Waterman is walking around, conversing with whomever has a minute. And we have settled out to these project teams:

Safe Sign-up: This will encrypt volunteer signups for events, especially protests, so that there is not one place that would have all the people at the event. Event organizers would have 5th Amendment protection for this information. By: Zaki Manian, Restore the Fourth, SF.

Bring your Own Chat: A secure zero-knowledge chat application using only Dropbox. By: Daniel Roesler, Restore the Fourth, SF. The project can be found here at Github: https://github.com/diafygi/byoFS.

We have five (5) projects going in San Francisco at the Data Privacy Legal Hackathon. After an initial introduction phase, and discussions, teams broke out and are all quietly working away.

We have 3 groups and 2 individuals who are working on projects..

The largest group is leading group interested in privacy icons and terms and data policies work on his part, which is to make a privacy policy generator and some icons that represent what the then-structured policy would represent to make it easy for users to see what a privacy policy says and does to the user.

After we talked a bit, he realized the value of the parts I'm working on with the Consent Map, Consent Receipt and various tools to make that happen, like the API project to the map. We went over the whole ecosystem we all propose and he sees the complementarity.

Here is a diagram that shows some of the different products that we discussed above:

But that group is more interested in getting privacy policies structured and visualized than the other side of the transaction which would look at terms an individual would submit, like Do Not Track. However, they recognized that there is a need for a consent receipt at the end of either side setting a term.

There is also a bitcoin thing for more private transactions for identity privacy (ie, taking things outside the financial networks, where you still have some kind of identity inside bitcoin, to taking things outside the identity systems in bitcoin..). I don't totally understand it but that's what they are talking about and trying to figure it out.

There is an https server project, and another individual project that I haven't yet discussed with the maker.

I'm working on the consent receipt. Other groups will likely want to hook into the consent receipt when they have their pieces.

And wanting to just maintain the Status Quo, uphold and use it, as our standard of law, as the basis for what we do in the US? Yea, supporting that is the New American Radical act amongst the New American Radicals (you can count me amongst them as that's the system I signed up for... the one with the Constitution).

How can this be? Asking for such should be a traditionalist thing, leaving the radicals to ask for new amendments, change 'you can believe in' yada yada and other controversial innovations to the law? But no.. it's a radical act in America these days to just ask that we uphold the Constitution, the Bill of Rights and the Amendments.

I realized this is true, the other night, when I went to hear Daniel Ellsberg speak, along with Cindy Cohn of EFF, Shahid Buttar and Norman Solomon, along with Bob Jaffe moderating. And yes.. Ellsberg's an American Radical, but not just because he got the Pentagon Papers out 40 years ago. It's because he believes in the Constitution, the Bill of Rights, our other Amendments to be the rule of law. He had some very interesting things to share as well.

Ellsberg talked about how years ago, "Richard" Cheney (as he called him.. I'm so used to "Dick") communicated a desire to change the constitution because he thought it was wrong, and that it should be different. Ellsberg said that that's okay, but then you have to change things through the system. Instead, Cheney and Bush and others have been corrupt, because they got elected, swore an oath to "defend the Constitution of the United States against all enemies, foreign and domestic" but then subverted the rules they swore to uphold. (I knew they weren't honorable men, but I never thought about it in these terms.)

So in this case, they are the enemies, these corrupt parties, who subvert the Constitution, by taking, ".. your tax dollars, taken in secret, and spent in secret, to spy on everyone."

Ellsberg's example of a founding father who parallels the whistleblower / leaker of today is Nathan Hale, the man who was caught by the British and hanged in 1776 for trying to share information with his own countrymen, Americans, about what the British were doing. Hale's famous line is: "I only regret that I have but one life to give for my country."

What if we hanged people like that today, the people who leaked the full breadth of what was happening at Abu Ghraib instead of the public just seeing the sanitized, reduced version that claimed it was just a few isolated incidents, when in fact the torture at Abu Ghraib was huge and widespread and very shameful for us and our government? Or the Extraordinary Rendition program? Or Warrantless Wiretapping?

All these secretive activities changed when they became public. And they changed as a result of whistleblower-leakers sharing information the government didn't want to get out, with the exception of Congress legalizing Warrantless Wiretaps once that activity became public. And now things are changing again because of Edward Snowden and the NSA surveillance information he let out.

Ellsberg said, "To have knowledge of every private communication, every location, every credit card charge, everything.. to have one branch have power over the other two (executive, over legislative and judicial).. Snowden has confronted us with something that we could change.... But Obama is part of the problem. He just assures us that there is nothing to worry about. But who is to be trusted? The people who kept the secrets and lied to us? Dianne Feinstein? Or do we trust Snowden? Snowden has done more to support the Constitution than any Senator, Congressman, the NSA ... "

Ellsberg also talked about how when he was in trial, 40 years ago, he was out on bail, and could speak freely with the press. Today, if Snowden were on trial, he'd be in a hole, like Chelsea Manning. We wouldn't hear his thoughts on the issues in the trial, because the government would stop it, in trial and outside.

During Ellsberg's trial, his lawyer tried about 5 times to get motive into the questioning, but the prosecution kept objecting. Motive didn't matter they said, and the judge agreed. The same thing would happen to Snowden, who would never be able to say, on the stand, why he did what he did.

Cindy Cohn, who has heroically been bringing lawsuit after lawsuit to stop some of these illegal practices, talked about how originally the FISA court started out approving targeted warrants -- so at least they knew who was targeted. But things have devolved, to where the FISA court is now presented with massively expanded, abstract warrants that don't even have the FISA court knowing who specifically is targeted. Smith vs Maryland, which ruled on the pen register method of an unwarranted wiretapping of a single land line, "..doesn't even pass the giggle test" when applied to the massive surveillance we undergo now.

In fact, she said that, "Technology is our friend, encryption is our friend." That while major companies have been compromised, we need to develop technologies to help us, as much as we need to use legislative policy and the judicial system to fix this. Even companies, 5 large tech companies, had to get together last week and tell the government to stop hacking them, or they would lose customers and be severely affected.

Cindy recommended we tell legislators to vote against the sham FISA Improvement Act, and instead support the USA Freedom Act and the Surveillance State Repeal Acts, which have bi-partisan congressional support.

"The days in which you can separate corporate surveillance and government surveillance are over.... The 3rd party doctrine undermines privacy, because *we all* give our data to 3rd parties." She went on to say that the tools for organizing against each type of collection are different, but the issues are similar.

Lastly she noted that for 9/11, collection wasn't the gap. They knew about the guys. Sharing between agencies was the gap. Yet we haven't solved for that but we are collecting like mad!

This is an unprecedented year documenting our loss of Privacy. Never before have we needed to stand up and team up to do something about it. In honour of Privacy Day, the Legal Hackers are leading the charge to do something about it, inspiring a two-day international Data Privacy Legal Hackathon. This is no ordinary event. Instead of talking about creating privacy tools in theory, the Data Privacy Legal Hackathon is about action! A call to action for tech & legal innovators who want to make a difference!

We are happy to announce a Data Privacy Legal Hackathon and invite the Kantara Community to get involved and participate. We are involved in not only hosting a Pre-Hackathon Project to create a Legal Map for consent laws across jurisdictions, but the CISWG will also be posting a project for the Consent Receipt Scenario that is posted on the ISWG wiki.

The intention is to hack Open Notice with a Common Legal Map to create consent receipts that enable ‘customisers’ to control personal information. If you would like to get involved in the hackathon, show your support, or help build the consent receipt infrastructure please get involved right away — you can get in touch with Mark (dot) Lizar (at) gmail (dot) com, Hodder (at) gmail (dot) com, or join the group pages that are in links below.

Across three locations on February 8th & 9th, 2014, get your Eventbrite Tickets Here:

I don't care that my data isn't worth that much on the open market or that in many ways, because my data leaks everywhere constantly and therefore many can aggregate and sell it, the market is commoditized and my data is in this market, worth very little.

My data is worth a lot to me, and it's worth protecting to me (as in, I'm willing to go to a lot more trouble over just my slice of data, than any of these companies are to protect *my* data).

In this way, the tragedy of the commons (the personal data aggregation commons) may be turned around from the old version, where individuals didn't do anything about the commons but those with monetary or other big interest cared about protecting something did take action (think , but my single interest in copyright law might not be worth my spending a lot of time on the other side, fighting their lobbying efforts, because to the average person, big copyright isn't that big a deal.. hence, the tragedy of the copyright commons). The shift in the personal data commons that we have now, where companies just hoover up everything in order to sell your commoditized data reflects a situation where the individual is highly motivated to protect their little mini-garden slice of their own data, to control the inputs and outputs, if the proper tools are in place to help us do it.

I think the FT calculator reflects the tragedy of the personal data commons model where Big Personal Data Aggregators attempt to sell our data in a commodity market, typically for a few cents, to less than a buck (I came in at $ .9792 or just under a dollar -- but over what period.. I don't know. Is this for each request for my data? That could be a lot of dollars over a year, I suppose).

If I stop some of my data going to the big aggregators, I can't imagine they would notice or really care, if one person has some data missing from their profile, within the gigantic aggregation system. But my little garden, well tended and organized, becomes much more valuable to me than $1 a hit. Now if someone wants the well tended accurate stuff, fully fleshed out, they will have to "pay" a lot, or a little for a small slice. That payment may come in the form of a trade, a discount, or a better deal, if I'm buying, or the ability to, say, read the whole New York Times site unencumbered if I share my data with them. Or it may be that I just don't share.. pay cash for what I use online, and then I'm much less a part of the commons, as my data isn't shared out in the marketplace.

But now you see, I've created choice for myself, control, autonomy, and transparency over my transactions.

I think folks at the VRM list, and in a few other places looking at this problem, know that it's my little garden that is well tended that will be far more valuable over time, against the old style, hoovered commodity world. But for now, all the FT can see is the old model. Rear view mirror. And that's fine. Just more motivation to bring the tools online for me to collect and organize my own info, and stop the leaks of our data, from getting to the big hoovering agents.

Also.. T.Rob has a great post that also reacts to the FT article -- he too rejects the premise of the argument FT makes: "The personal data to which the FT article refers is like crude oil. The personal data which we should be worried about is like premium unleaded gas. Either way, it's about you, directly impacts you and has market value to everyone but you. Don't let anyone tell you it has no value. Even the Financial Times."

The question the new Graph Search at Facebook continually elicits in me as I've discussed it on various lists, as well as read a couple dozen articles on it, is:

Do I really need my whole graph to find what I need?

First.. how much and what do I need?

Advertisers, marketers, graph search makers, all operate on the assumption that we all need much more than we do.. and if the last 5 years had taught us anything, it's that a lot of people borrowed a lot of home equity to buy crap they later dumped at Goodwill..

In other words.. yes.. we do need some things, a plane ticket, rental car.. a new laptop.. etc. But I do think many know how to get those things.. without necessarily getting all that much input from others.

And that leads to my other point: how many others do you need, and how much of their input?

This weekend I had a guest here.. who rented a car from Avis.. and it's the third time she's signed up for the lowest level car and then been given a 3-series BMW or a Mini.. for $25 a day.

That's a nice to know factoid.. but if everyone coming to SFO knew it.. she would never get a BMW for a tin can on wheels price.. we talked about whether she would share this anywhere.. and she said no.. she would not share it. Though she's very active on many social communities.

Another angle: about 7 years ago, I was in a book club with Jerry Michalski and about 5 others.. and we would read books on ants and viruses and ecosystems.. trying to apply those understandings to what was going on online.. we did it for a couple of years and it was very helpful.

But one of our conclusions after talking through two dozen books and working through the logic of different takes on systems and people and flows of information was that in the end, you only need the right 5 people to help you find the things you need, get the right ideas, advice, etc to make good choices.. and these were verbal conversations because most often, even if these people were highly active online, they wouldn't necessarily share certain information online, for various reasons (it took too much time, there were consequences for having those opinions, they didn't want to be bugged, etc). In fact, much of the time the good intel didn't make it to the searchable web for months or a year or two later.. and I still find that true today, even with Twitter, FB, Quora, Tumblr, etc. People who really know stuff don't want or need to show it off.. and there is downside for sharing the data.

So these questions linger for me.. as I think about Graph Search.. which may have some value.. but I am highly skeptical of what, how much, etc.

There will be some value.. but I think maybe it will be comparable to the kind of "lift" that an Ad gets, when some new technology is added to the Ad selection or whatever.. often that lift is just a couple of percent better than before but to Ad people.. that's great.. because they are doing something at scale.

For us.. for individuals.. if Graph Search got us 10% better intel over what we could otherwise find using existing search systems.. would that be worth the increased personal exposure and loss of control over our data we give away in a system like this...

And lastly, I'm skeptical because I do believe Facebook's biggest issue is trust -- people withhold information intentionally. It's not a safe place and most people know it.

Graph Search makes Facebook a lot less safe. Which leads also to the question: do I need to know who in my graph likes something salacious? Really, does this help us develop better relationships or just make our current relationships a bit more unsavory?

So if people search, see what's exposed, and cut down their sharing even more, then the effectiveness of Graph Search goes way down. That 10% bump in quality information you got with Graph Search could turn out to drop 20 points.. you might find that you have -10% quality over your search results compared to before Graph Search.

I think Graph Search will only work when we have Personal Data Stores, and can set terms for use of our data, and then our friends can search our non-public, but friend-shared information, without fear that a company like Facebook will sell us out.

Until then, I'm very skeptical of Graph Search at Facebook, other than as a model for the sea change to come where we will drive our own data and interactions, and treat Facebook as the bar or restaurant it is, where I would most definitely want the in-person protection of clothing. As it stands now, we just got more naked in Facebook, which doesn't deserve to also hold our personal information the way it does now (leading to our naked state there). It's just a Cheesecake Factory online, but most people don't see that yet.

Last week, I went through my whole Facebook list and undid things that "seemed" like they might be an issue if they came up in FB's new Graph Search.

But it's hard to know what could be an issue..

I will say that the way I see the "like" button being used is multifaceted. People like things for many reasons:

* to acknowledge receipt or that they've seen something
* to thank someone for remarking
* to thank someone for taking an action or sharing something
* to show laughter
* to acknowledge understanding the item or page
* to promote a comment so others see it
* to help a friend who asked you to like something
* to comment without commenting
* to show the poster that you are "there" in their world
* to make it so that you will keep seeing the poster's facebook stuff
* to start receiving the "RSS" feed in your news feed of a page, person, or thing
* to get access to coupons, deals or a contest
* to make the liker noticeable to someone they aren't "friends" with..
* to cause a post, photo or page to show up in their feed to promote it (without actually liking the thing)
* to pee on the item to "aggregate it" in your list of items you want to keep a link to and it may not be because you like the actual thing in the page, photo or post
* to give more happy birthday comments or appreciate others' HBs because the birthday person is close to the liker (a spouse, perhaps)

*and* it's also done to actually "like" something in the traditional sense.

I can even see people "liking" likes (not functionally possible.. but it's done in a way by liking a comment that says something in the above list of ways of paying attention.)

The problem is, most of what I see as "likes" aren't about liking something, as in " I like it !! ". They are about the fact that there is no other way to do something to something on FB in any way, with the exception of commenting which isn't always possible, because you may not have rights to comment due to your relationship with the poster and the privacy settings the poster has set on FB.

Those likes are about attention to something with a variety of meanings.

I'm sure there are more reasons to "like" that aren't about actually having a favorable thought about an item, post, update, photo, page, etc..

But you get my point.

And so Graph Search is silly.. when the search results assume the "likers" all have affection or agree with the item and weren't doing something for some other social reason out of expediency.

Update 4/2/2013: Here are a couple of example screengrabs from my own feed that show this is something others are becoming more and more aware of as they try to make sense of the "like" and the like:

But Tassi isn't going far enough, I believe, in looking at Netflix as an example of a Silicon Valley lifeboat for Hollywood. Netflix is a microcosm of what could happen, across the internet and all users, if we looked at compulsory licensing for all media and users, and not just Netflix customers. Netflix is a great model for what could exist across the internet.

So as the world has shifted over the past 10 years, I realize we need to revisit compulsory licensing, with built in privacy so we maintain our "right to read anonymously" (per Julie Cohen.. an amazing thinker) and deal with other issues like counting, watermarks and tracking (guess what, 10 years later, we all realize that thousands are tracking everything we *each* do online everyday.. so while I want my clickstream, etc to be private and user-controlled, I'm less concerned about this now as far as compulsory licensing is concerned than I was in 2003).

So my thought is, why not collect a fee at the front end of each month, across internet service points, from users. If no one uses any media, the funds stay put in escrow with the ISP and non-users don't pay. But if media is used in a given month, downloaded, etc, moneys are distributed to copyright holders. And if works are in the public domain? No payments would go out either. Yes, it would require a giant copyright registry, and ISPs to track (let's say, for 90 days, before dumping a user's media list) what anyone on an ISP provided connection used, in order to distribute fees. And it would require a giant fight in Hollywood about who gets paid what, for what, at what time, etc. Hey, maybe that will mean you can watch a first release movie on opening day, on your ipad, where a larger share goes to that copyright holder because of the timing of your consumption?

In my view, figuring out how to solve the Hollywood problem with compulsory licensing is worth doing, by getting all the smart people who understand networks, and licensing, and all the other hairy stuff that will come up in a room and working it out. It would get artists paid, and it would get the users whatever they want in terms of media, and it would get Hollywood into the lifeboat that Silicon Valley offers, finally.

...If we lose the ability to completely control computers we own, these machines can, and will, be used to put us under constant surveillance. If that happens, computers will have completed a trajectory from contributing to human freedom and making the Iron Curtain look like a rusty sieve, to fulfilling the 1984 telescreen vision of pervasive monitoring of every activity of every person.

As many of you might have seen, we accomplished a lot in the last twelve months, written up in our Part I, II and III end of year summary newsletters (at our blog here, here and here).

In this first year of PDEC, we published papers, spoke at events and contributed to various endeavors in the personal data discussions happening on the web and in person around the world.

I'm personally very committed to a world where individuals drive their own data and I'm very proud of the work we did at PDEC, which is focused on companies and how those companies can build for a personal data ecosystem.

In the past couple of months, I've also worked to create a new org: Customer Commons, with about eight other folks, where the org is for Individuals only, no companies may join. Customer Commons looks at markets and data from a strictly individual point of view. I believe that it's a conflict of interest to work on both organizations (which represent either individuals or companies). Therefore, I want to see Customer Commons get up and running, and I realize I can't remain at PDEC, which represents the company perspective on the personal data ecosystem.

So for the foreseeable future, I'll be working on the same personal data issues, but from this Individual perspective, at Customer Commons. I wish Personal Data Ecosystem Consortium all the best.

Personal Data Ecosystem Consortium, or PDEC, is an org I've been involved with for a year. I'm chairing the Board. We just sent out a Year in Review recap of our activities for 2011, Part III (PDEC Recent News and Specific Topics).

Forrester Research Report covers Personal Identity Management
The Forrester Report releases a report on Personal Identity Management. PDEC was among 14 organizations/companies interviewed for the report including other startup circle members: Azigo, Singly/the locker Project, Personal. Read the report here, or download it from Personal's website.

I spent a lot of time with Forrester on important aspects of the report and was really pleased to see that they grokked these ideas yet formed their own conclusions about what is happening with personal data and control over one's identity.

Ann Cavoukian is well known for her Privacy by Design initiative and was in San Francisco to speak at Web 2.0 Summit, held concurrently with IIW. PDEC arranged a dinner with the Startup Circle companies and Cavoukian for the Sunday prior to the conferences. The conversation was wide ranging and those present had a chance to share how they were building privacy-by-design into their core business and technical architectures. We also discussed the challenges in the ecosystem and how she would support privacy-by-design initiatives.

World Economic Forum update: October 4-5, 2011 - NYC
The Rethinking Personal Data project of the World Economic Forum telecommunications group continues to work toward understanding how the market will develop for personal data. WEF group members are actively working on developing a potential framework of how personal data can be shared when derived in different forms. PDEC members, along with Kaliya Hamlin and Mary Hodder, continue to work on the monthly calls with WEF toward a report release in the Spring, 2012.

Interestingly, EBay's phone reps said that it was my fault, that I didn't ask if the belt was a size large, even though the first and subsequent photos show the coat with a belt tied around it and the listing said the Coat was a Size LARGE. Any reasonable person would assume the WHOLE coat was a size LARGE.. not just parts of it.

So in thinking about this, I was reflecting back on an in-person interview eBay did with me this summer, as a regular customer. Basically, they wanted help figuring out what was working with eBay and Paypal, and what wasn't. And they wanted to talk about how to make eBay more like Amazon.

One of the things I commented on was that while I buy a lot from eBay, it does happen about 5% of the time that a seller misrepresents the item. They didn't seem to flinch over that figure. But I said "...EBay makes it safe to shop there, because they protect buyers with "buyer protection" where you immediately send the item back to the seller..." (I did in the coat case, send the item to Boca Raton, FL, and in fact in past cases eBay has scolded me for not sending the items fast enough back to the seller.. as in, when I call eBay, the item should already be in the mail back to the seller, with tracking and insurance... I shouldn't wait for eBay to tell me to send the item back.. I typically use FedEx ground for returns). I did in this case immediately return the item to the seller, and told eBay in writing as I described the problem, as well as over the phone.

What's interesting though is that based upon the user interviews they did with me this summer, they would like to compete with Amazon. Amazon has a seller's program and my response to this was as follows:

If eBay wants to do what Amazon does, have a fleet of sellers with high volume sales, then eBay will have to create a lot more consistency with returns for misrepresented items (again about 5% of items I've purchased are misrepresented.. this coat thing is the first time though that eBay has refused to honor buyer protection and told me the seller's misrepresentation was the buyer's (my) fault).

I also said that eBay would have to get much more consistent on requirements for the listings from sellers, that sellers would have to be held to better account as Amazon does for items and descriptions, because eBay sellers routinely try to hide things. For example, I purchased a new La Perla bra from someone two months ago. The seller managed to only photograph part of the bra and left out the flaw. The flaw was that the straps were sewn on backward and therefore didn't lay flat, but instead were twisted. It cost $10 to have it repaired at a tailor, or $10 to return it. The seller didn't care and refused to do anything about the problem and frankly it wasn't worth the fight, even though I sent photos to the seller of the flaw. So I took it to the tailor and ate the $10 fix. But in that case, the seller clearly photographed out the very top of the straps so that the twisted nature of them could be hidden from buyers.

That would never fly on Amazon, as Amazon would require the item be returned and refunded, no questions asked. In this case, I did pay 50% of full retail for the bra, a price very much in line with Amazon sellers. But given the fix versus send back prices, it wasn't worth the fight with the unscrupulous seller. You can bet that from now on, anything like that I'll be buying at Amazon, not eBay.

There is no way eBay is going to encroach on Amazon territory when seller misrepresentations like this are routine at eBay, and eBay doesn't protect buyers. If 5% of all eBay transactions are like mine, where sellers try to pull a fast one, as Kathy Don (sempaidon) did on the coat with the belt that is too short, or the La Perla Bra seller did with a new but "second" or flawed garment (twisted straps), or for that matter, the Tod's purse that was a vinyl fake that the seller insisted was real, or the opened and used "new" bottle of Furterer shampoo, buyers won't purchase at eBay, but they will at Amazon. I just don't see eBay being safe for buyers now that sellers who misrepresent are backed up by eBay. There is so much slippery seller action going on at eBay. Buyers have to be very very careful.

Additionally, the eBay representative yesterday said that I couldn't rely on photos with the listing, to show what I was getting. That I had to ask questions about the photos, and that my email with the seller verifying that the photos were correct was all I could rely on. That's the biggest shocker of all, that eBay no longer requires sellers to provide what is in the photos. That if the photos don't match, buyers are out of luck.

Or, buyers could shop at Amazon and feel secure about buying discounted items from sellers there.

I may still use eBay but will be even more careful now, since I have to suspect that even the most thorough listings may be filled with potential fraud, as was Kathy Don's listing saying that her sized LARGE coat would fit (and close) on a LARGE body, when in fact the closure belt doesn't tie on a Size LARGE.

Be warned, eBay is no longer protecting buyers against sellers who misrepresent items like Kathy Don did. I no longer recommend to people they purchase through eBay unless they are very experienced eBay buyers and do a ton of email before each purchase, to verify all aspects of a listing, INCLUDING ALL ASPECTS OF THE PHOTOS, even if the seller has stated many details in the listing and in the photos.

Personal Data Ecosystem Consortium, or PDEC, is an org I've been involved with for a year. I'm chairing the Board. We just sent out a Year in Review recap of our activities for 2011, Part II (second half of the year).

PDEC Value Network Mapping Meeting
August 3, 2011 - San Francisco
Kaliya Hamlin, Verna Allee of Value Networks LLC, & Mary Hodder met with Peter Vander Auwera of SWIFT, Dan Miller of C3, Drummond Reed, Doc Searls of The VRM Project, Craig Burton, Tony Fish (PDEC Board Member), Phil Wolff of Data Portability Project and Nitin Shaw. The group met to work again on the current state of value online, as documented in the Value Network Map Project, started in July.

Sibos, SWIFT's Annual Event
September 20-24 - Toronto
Mary Hodder spoke at SIBOS about a new Digital Asset Grid that SWIFT would create to open the infrastructure for Personal Data, away from proprietary Silos to one where anyone could share personal data in a controlled and secure manner, with proper rights, and accountability.

Kaliya Hamlin hosted a session for big companies interested in Personal Data. We will be following up and exploring developing workshops for those companies.

Customer Commons was created the day before IIW started with a group ranging from Doc and Joyce Searls to Craig Burton, Judi Clark, Joe Andrieu, Mary Ruddy, Mary Hodder, Drummond Reed, Britt Blaser, Markus Sabadello, and others. Customer Commons has evolved from the work at Project VRM, by Doc Searls and a large active community of VRMers. PDEC will be collaborating closely with Customer Commons. PDEC's collaboration will help companies offer early access to new Personal Data products to individual members to get feedback and early adoption from those folks very interested in the space. Notes from the working session are here.

Markus Sabadello held a session on PDEC Technical Documentation and Interoperability. Notes are here.

IIW opened Thursday with "Yukon Day," and many Startup Circle members and all of the companies doing something around personal data participating and sharing how they fit in to an overall ecosystem landscape.

Mary Hodder worked on a diagram showing the range of organizations stewarding aspects of the Personal Data Ecosystem. A small version is below, but you can click through to read about all the orgs working on technical, market and policy for personal data, as well as the individual initiative led by Customer Commons. This diagram was first shared at IIW at the Final day closing session and iterated in the weeks following with input from Kaliya Hamlin and Judi Clark. The organizations listed in this diagram are working on different core foundational missions and working together to bring the PDE about more quickly.

WARNING: Big Change at EBAY: Sellers who misrepresent will be backed up by Ebay.

Today I had an unfortunate experience with EBAY, where I regularly purchase a lot of items for myself as well as others, including everything from coats and clothing, to bags, shoes, shampoo, vintage items, kitchen items, gifts, etc. Actually, this particular experience has been going on for two weeks.

Essentially, a seller, Kathy Don, listed an item, pictured below, as a Size LARGE. She described the coat in the title and the body of the listing as a Size LARGE, and the listing photos show the coat as belted. The seller also points out that the coat doesn't have buttons. So, the only way to close the coat, is with the belt, as photographed.

And let's be honest: people who see a belted coat, knowing that it closes the coat per the listing photos, probably want to close the coat, with that belt. After all, coats are purchased for the winter -- to manage cold. A coat that won't close doesn't make much sense.

The problem is, this coat is a Size LARGE, but the BELT is, curiously, a size SMALL.

And therefore, the belt won't actually tie around the coat, when on a LARGE human. The eBay listing photo you see is a mannequin, likely a Size SMALL, and on a small body, the belt will tie.

I asked the seller, Kathy Don, to take it back, as the belted coat was misdescribed, between the photo and the "Size LARGE" listing title and description. She would not, claiming that she already sent the money to someone, that she has cancer, but I could resell it.

Does any of that matter if she misrepresented the coat?

If I relist the coat at eBay as Size LARGE, when the belt won't tie on a Size LARGE person, I too would be committing a "not as described" problem. Or fraud. Because the item doesn't match the listing: consisting of the Title, Photos, plus Description.

So I asked eBay to mediate. EBay came back and said that since I didn't ASK the seller if the belt was Sized LARGE, I'm at fault.

REALLY?

Looking at eBay's site on requirements for sellers (http://pages.ebay.com/help/policies/selling-practices.html):

Well.. I would say the seller did not accurately describe the item, when they claimed the coat was a LARGE and that it belted. The belt doesn't work because it's a size SMALL. The seller in this case, did not provide complete and accurate details, nor did they specify the condition was that the LARGE coat would not close with the SMALL belt, nor did they describe the fact that the belt was defective, in size SMALL, for a LARGE sized person.

I asked various eBay Reps (they passed me around a lot.. and disconnected the call 3 times saying they would call back if they lost me, but they never did call back) if photos are part of the listing and they said yes, however the one I talked to this morning doesn't think the seller should be held to the photo that shows a belted coat, if the belt isn't mentioned in the words. In fact, the woman at eBay I spoke with this morning said that since the belt isn't mentioned at all in the description, the belt is therefore NOT PART of the listing.

REALLY? I see a belt in the photos. So I asked the eBay rep: So the photos aren't part of what a buyer should consider and count on to buy on eBay? Buyers should ignore photos? She refused to answer.

Apparently asking that items actually look and work as shown in the photos on eBay is asking too much.

But you get the point. Buyers can no longer rely on photos as part of the eBay listing contract.

According to eBay, I HAVE to ASK a seller if parts of the Size LARGE coat are actually not sized LARGE.

Essentially, this represents a HUGE change at eBay, where they are willing to let sellers misrepresent an item, in this case, listing a WHOLE COAT as Size LARGE, when in fact the coat comes with a Size SMALL belt that WILL NOT CLOSE.

Who buys a coat for winter that WON'T CLOSE? Because the belt is misrepresented?

Apparently eBay thinks I'm at fault for not asking: ARE *ALL* PARTS OF THE SIZED LARGE COAT *ACTUALLY* SIZED LARGE?

Apparently, a photo of a belted coat, along with a title and description claiming SIZE LARGE, isn't enough. Apparently, I needed to ask the seller, ARE YOU SURE THE *WHOLE* COAT IS A SIZE LARGE?

So now, I'm facing small claims court with Ebay and Paypal, who received the funds they later paid to the seller.

The lesson for you is, DON'T ASSUME eBay will uphold a listing with words and photos combined.
Don't BUY anything at eBay that doesn't say "no returns accepted" because eBay won't back up buyers who are sold something that is not what the photos and words describe.

EBay has abandoned buyers to unscrupulous sellers like Kathy Don of Boca Raton, Florida who described and photographed a belted-coat, as a size LARGE but in fact it wasn't possible to belt the coat or close it, since the belt was a size SMALL. It's okay if the seller, and eBay disregard the photos and provide whatever they feel like in the way of the item purchased.

Consider yourself warned. I certainly will warn the hundreds of people over the years that I've shown how to use eBay, set up with accounts as buyers, to let them know that buying on eBay is no longer safe for them. It's too dangerous and I no longer recommend doing it.

Below is a diagram showing the non-profit organizations (note: no for-profits, conferences or governmental orgs were included) that are stewarding pieces of the Personal Data Ecosystem. I wanted to show how the orgs are relating to the problem of how to remake our digital lives, through more user-driven personal data, for more equal transactions throughout our lives with companies, the online world, and our government.

The orgs have been divided into four areas: technical, market, policy and individual advocates. While all the orgs have an interest and are doing some thinking in all the areas, these divisions show the foundational mission of the orgs. If each org, through its foundation mission, succeeded, they would be heroes for sure. The problem is, mission creep. This is a problem for startups as well, where companies don't focus and get their piece right to succeed, but rather think competitively and try to take too many pieces of the market, leading to failure. So too will the large number of problems, plus mission creep, cause any of these orgs to fail at their mission.

Ideally, we'll see all the orgs working together in inter-disciplinary and multi-disciplinary ways, relating each of their solutions to the others, but keeping focused and executing their piece of this vast and Byzantine puzzle to solve the Personal Data Ecosystem. In creating this "org chart" I talked with folks like Kevin Marks of Microformats and Activity Streams, Harry Halpin of the Federated Social Web, Scott David, Don Thibeau of OIX and OpenID, Drummond Reed (who has worked with OASIS extensively), Doc Searls of VRM, Craig Burton, Steve Repetti and Phil Wolff of Data Portability project, Dazza Greenwood of ID Cubed, Judi Clark and Joe Andrieu of Information Sharing Working Group, among others.

So here is a picture of who is doing what in the Personal Data space:

Below is more information on these organizations.

Individual Solutions

Customer Commons -- recently formed by Doc and Joyce Searls, Renee Lloyd, Joe Andrieu, Dean Landsman, Markus Sabadello, Judi Clark, Iain Henderson, Craig Burton, and me, as well as a few others in the room that, I apologize, I'm forgetting. Customer Commons' mission is: a community of customers, funded only by customers, serving the interests and aspirations of customers.

Market Solutions

Personal Data Ecosystem Consortium -- is a trade association for startups and big companies that agree to a set of principles for user-driven personal data. 19 companies (currently) have joined, and PDEC's mission is to support market solutions to the personal data question. Kaliya Hamlin is Executive Director and I am Chair of the Board.

PDEC also has just formed a Legal Town Hall, a monthly call starting January 11, 2012, to be led by Judi Clark, to talk about what kind of policies are needed when individuals share their data.

Project VRM -- Vendor Relationships Management, the brainchild of Doc Searls created during his fellowship at the Berkman Center, is a discussion group with a very active maillist, a movement for user-driven relationships with entities, and a steward of developers coding to bear out the group's vision.

Policy Solutions

OIX: Open Identity Exchange -- Don Thibeau is Chair of their Board, and Scott David is their counsel. OIX's mission is to build trust in the exchange of identity credentials online. They do this through the open standardization of Trust Frameworks. They don't make trust frameworks, but rather their mission is to be the home of others' trust frameworks for the sharing of personal data, login credentials, and other types of private or controlled information. For example, the company Drummond Reed co-founded, Respect Trust Framework at OIX, who publishes it for others to point to as a public declaration of the trust framework. And, the U.S. FICAM Trust Framework was the first open identity trust framework to be listed by OIX.

Information Sharing Working Group -- From the ISWG: The ISWG works with the Kantara Initiative, Identity Commons, Project VRM, the Personal Data Ecosystem Consortium, and Customer Commons. Run by co-chairs, Joe Andrieu and Iain Henderson and secretary Judi Clark, ISWG's formal mission is "to identify and document the use cases and scenarios that illustrate the various sub-sets of user driven information, the benefits therein, and specify the policy and technology enablers that should be put in place to enable this information to flow."

The Information Sharing Work Group helps individuals take control of the information we share online. The Standard Information Sharing Agreement is a contract for the use of your information, agreed to BEFORE you share it. It has two parts. A basic agreement covers all the default terms, things like “don’t redistribute my information without my permission”, which all recipients agree to. Then, for each individual instance of sharing, a data transaction agreement with just the bare essentials: who gets what data for what purpose. By moving all the complicated legalese into the basic agreement, we’ve dramatically simplified each specific transaction agreement.

Now, when you want to know what’s happening with your data, it’s presented simply and concisely in easy-to-understand terms… while the basic agreement defines how recipients must treat your data appropriately. The Sharing Agreement is designed to make it easy to understand and make informed decisions about sharing information online.

ID Cubed (ID3) -- a newly formed research and development group affiliated with MIT and led by John Clippinger, Executive Director and CEO, (who started the Law Lab at Berkman/Harvard a couple of years ago and the Social Physics project a couple of years before that, also at Berkman) and Henrik Sandell, COO and CTO of ID3. ID3's mission is to "oversee the development of a multi-disciplinary center founded to research the role of law in facilitating cooperation and entrepreneurial innovation." Their major focus based upon the website seems to be Trust Framework development. Dazza Greenwood is also involved, and Mike Schwartz of Gluu is doing some technical work for them.

Technical Solutions

Data Portability Project -- "Aims to consult, design, educate and advocate interoperable data portability to users, developers and vendors." They don't make standards but they help steward them to support more data portability, including protocols like OpenID, OAuth, RSS, Microformats and RDF among others. Steve Repetti is their Chair and Phil Wolff is very active as a public speaker for them. Here is some additional information about their mission.

Federated Social Web -- has recently become a working group of W3C, and is stewarded by many including Evan Prodromou and Harry Halpin. FSW is stewarding work on federated social web software and protocols, including things like PubSubHubBub, OpenID, Activity Streams, OAuth, among many protocols.

Activity Streams -- developed a protocol for how users share personal data, using both JSON and Atom based streams of metadata. Monica Wilkinson and Kevin Marks actively steward the project. Activity Streams works on the Microformats model, proposing standards around activities already heavily in use online.

Microformats -- Microformats have been created for many pieces of data shared, such as hcard or hcalendar. Stewards of this project include Tantek Celik and Kevin Marks.

OpenID -- Created a protocol for federated login with the OpenID 2.0 spec. OpenID Foundation is currently working with Microsoft, Google and Facebook on OpenID Connect, as well as on Account Chooser, an open standard for web sign-in that eases switching between multiple accounts on a website. OpenID Foundation's chair is Don Thibeau.

ID Trust, OASIS -- from their website: "...promotes greater understanding and adoption of standards-based identity and trusted infrastructure technologies, policies, and practices. The group provides a neutral setting where government agencies, companies, research institutes, and individuals work together to advance the use of trusted infrastructures, including the Public Key Infrastructure (PKI)."

XDI.org -- responsible for the XRI / XDI standard, currently for pointing to data and creating link contracts. From their website: "XDI.ORG is an international non-profit public trust organization governing open public XRI and XDI infrastructure. XRI (Extensible Resource Identifier) and XDI (XRI Data Interchange) are open standards for digital identity addressing and trusted data sharing developed at OASIS, the leading XML e-business standards body. XRI and XDI infrastructure enables individuals and organizations to establish persistent, privacy-protected Internet identities and form long-term, trusted peer-to-peer data sharing relationships." Drummond Reed co-chaired the group with Gabe Wachob, of the XRI TC at OASIS, and Andy Dale, Markus Sabadello and Mike Schwartz were involved in developing the standard.

W3C -- Umbrella standards body stewarding a number of standards for personal data use and control including the Do Not Track proposal. The Federated Social Web, and all their combined efforts including Activity Streams, recently landed at W3C.

User Managed Access (UMA), a Kantara working group -- develops specs to allow individuals to "control the authorization of data sharing and service access made between online services on the individual's behalf, and to facilitate interoperable implementations of the specs." UMA group chair is Eve Maler.

The Direct Project -- From their website: "The Direct Project specifies a simple, secure, scalable, standards-based way for participants to send authenticated, encrypted health information directly to known, trusted recipients over the Internet."

IETF (Internet Engineering Task Force) -- Working on a number of standards around identity and data portability.

Claims Agent Working Group -- is working on development of standards-based, interoperable, verified claims agent implementations. Is at IDCommons and was originally proposed by Paul Trevithick, though many people are part of the group.

Open Web Foundation -- is an "independent non-profit dedicated to the development and protection of open, non-proprietary specifications for web technologies" and uses an open source model similar to the Apache Foundation. Their leadership includes Tantek Celik, Chris Messina & David Recordon.

Update: I've added the following item to technical:

SWIFT -- a non-profit based in Brussels that provides messaging standards around banking wires, is proposing a new infrastructure layer called the "Digital Asset Grid." The DAG would provide the metadata for all data transactions (including personal data), not just money wires, as well as a hardened, full duplex transaction layer for security, flexible identity and certified data. (Full disclosure, I'm on the team that proposed the Digital Asset Grid to SWIFT).

If you have more information about these groups, people involved, or corrections, please leave them in the comments and I'll update the post. Thanks!

Personal Data Ecosystem Consortium, or PDEC, is an org I've been involved with for a year. I'm chairing the Board. We just sent out a Year in Review recap of our activities for 2011, Part I (first half of the year).

Department of Commerce Green Paper Response Due
January 28, 2011
Kaliya Hamlin and Mary Hodder submitted the PDEC Green Paper response to the DOC and the National Telecommunications and Information Administration (NIST) on the DOC proposals around identity and personal data, and the Do Not Track proposal by the FTC.
Read it here at the DOC site.

FTC Do Not Track Event
February 9, 2011 -- Berkeley, CA
Mary Hodder attended the FTC all day meeting on Do Not Track.
I asked the only audience question of the day, about models other than DNT and business as usual: whether a Personal Data Ecosystem would create a market solution to solve user discontent with the current state of online tracking and user data.

Applied Brilliance Salon
February 17, 2011 -- San Francisco
I attended the salon, regarding Personal Data topics, hosted by Jerry Michalski. I asked the first audience question about a Personal Data Ecosystem solution.

Federal Trade Commission Paper Response Due
February 18, 2011
Mary Hodder submitted the PDEC response to the FTC on Do Not Track proposal.
Read it here at the FTC site.

Tracking Do Not Track panel, Morris + King
April 26, 2011 -- NYC
Mary Hodder spoke on a panel with Brian Morrisey of Digiday, David Norris of Blue Cava, Dan Jaffe of the National Association of Advertisers and Helen Nissenbaum of NYU.
Read more about the panel here at PDEC.

W3C Privacy and Tracking
April 28-29, 2011 -- Princeton, NJ
Mary Hodder attended the W3C event about privacy and tracking. Mostly the event focused on Do Not Track as the only solution, but I tried to ask as many questions as possible to open up thinking about a possible Personal Data Ecosystem approach.

W3C Identity in the Browser Workshop
May 24th -- Mountain View, CA
Mary Hodder presented the Personal Data Ecosystem philosophy. More can be found about the workshop here.

Quantified Self
May 28, 2011 -- Mountain View, CA
Mary Hodder attended QS and led a session on Developing Health / QS Apps in a Personal Data Ecosystem model. Read more about it here in my post on the event.

Next Monday we'll be sending out Part II of this.. recapping our activities this fall.

"Truth and justice are philosophical pillars of this Court. The perpetuation of fraud, even for an actor's career, is inconsistent with these principals. Plaintiff's attempt to manipulate the federal court system so she can censor iMDb's display of her birth date and pretend to the world that she is not 40 years old is selfish, contrary to the public interest and a frivolous abuse of this Court's resources."

But this argument between IMDB and the actress points to a much bigger issue, and it's not the one about IMDB making its living trading on other's data, whether from Hollywood or the users who add to the IMDB system for free, which I would understand is a fairly selfish undertaking by IMDB.

Why should IMDB be able to operate "selfishly" by publishing people's personal data, outside their discretion, and the actress in question not be able to "selfishly" make a living by trading in her looks for salary? I would say IMDB is pretty hypocritical here. And do they really think the Judge, the public, or the Hollywood set they make money from, are that stupid that we wouldn't understand that IMDB is selfish too?

I understand from reading the Hollywood Reporter article that the IMDB believes she may be the same actress that years ago tried to change her birthday, submitted by a previous agent to IMDB. Since IMDB believes this is an issue of fraud (they have no proof), they now want the identity of the actress made public. But since the old information isn't part of the case, does it really matter? Yes, I get that actresses have lied about their ages for a long time, but is it really "in the public interest" to out this woman? It's definitely in her economic interest not to out her, so I just think Amazon-IMDB are being nasty and frankly it seems frivolous of them to try to out her.

But this is really beside the point.

The Larger Issue

I believe people should be able to choose what personal information is shown about them on websites.. especially data that isn't or wasn't before the past 10 years, public. It's easy to dismiss this as vanity or frivolous.. but as more and more personal data is out there, and as people lose control of it.. it points to a much larger issue: how do individuals control information about them that doesn't really need to be public?

I can see that by having her age obscured, the people who hire her would just think of her age based upon appearance.. which is actually for an actress or actor, probably a good measure. Giving the specific age will plant that in producers' and the public's heads. So I can see her point.

Rather than get into a discussion of harms and "how bad is it" about one or another data breaches, I think the real question is:

What kind of society do we want to have, where everyone's data is public and out of their control? What does it do to us, to devolve into a totalitarian model where everyone is afraid because frankly, everyone has something to hide? Or maybe their friends do.

Right now, life and health insurance companies are telling the press and their investors that they are screening people in Facebook. And it's not just you under scrutiny. It's your friends. This was covered extensively in the Wall Street Journal "what they know" series a year ago. There are also finance companies that are telling users to "unfriend" anyone they are connected to in Facebook with bad credit... because when you are reviewed, friends with bad credit will reflect on you.

This issue of personal data and control is much larger than an actress and her age being displayed without her consent.

It's about how we allow others to show information about us, versus having control of it ourselves. I think for a civil and democratic society to work, we can't leave that up to companies with no oversight and a big profit motive, but instead need to think about giving the individual ultimate control over certain types of personal data.

So while the actress may be vain, may be trying to gloss over her age, or may just be reflecting the economic realities of her profession, which I do think are real, and we may poo-poo this as silly, this lawsuit reflects the much greater tension about personal data and control and actually could be a really interesting test case, given that we don't have much privacy law in the US.

One of the key points Sheryl Sandberg makes is that women need to lean forward. I have seen women lean back even when we have explicitly made space for them. I can highlight one example out of the many I have seen in the 8 years I have been proactively working on this:

In service to the list above, a group of women and I pushed for speaker training by having Lura Dolas, who is a premier executive speaker trainer, come to She's Geeky as well as for training for geek speakers at Citizen Space one Saturday (coordinated at the time by Tara Hunt). But you know what? We held signups open for women, for a couple of weeks. Few women signed up even though we did lots of personal invites, and eventually opened it to men. All the rest of the spots were gone in a flash. So I get what Sheryl Sandberg is saying: she suggests that encouraging women to "lean forward" would work. I've been trying to get women in tech to do that, with a little different terminology, for 8 years.

Women often eschew these qualities or don't know how to navigate them because they run so counter to women's social norms. So that, mixed with women's usually lesser overall interest in having a big "title," which many conferences like to promote in association with the event (look: we've got 80 C-level speakers.. come pay several thousand to attend our event!), makes women less attractive to conference organizers. Though I would argue that at most events I attend, women speakers share far more data and opinion than the men, and are often much more interesting speakers compared to the men who often hold their proverbial cards to their chests and don't share as much interesting stuff. So to me, the practical reality is that as far as speakers go, women are the brash risk-takers on stage. I often seek women out to get info the guys won't share.

Those three are great additions to the set of things we can all recommend women do. But to me, these lists: our 8 plus Sheryl's 3 (two of hers overlap so it's really about 9 ways to get women more into leadership roles), not to mention complaining about the lack of women speakers at conferences or the lack of women on boards of directors, or lamenting the dearth of women in engineering or getting women to pitch a company, as Women 2.0 tries to support in their annual contest, don't get us what we need or want. Which is a healthier ecosystem between men and women in tech and business so that women can more naturally be themselves, contribute, and inhabit leadership roles and overall, products are better.

In fact, over the past three or four years, I'd mostly given up talking publicly about the dearth of women in tech and business. The problem isn't getting solved, despite things like the Speaker's Wiki created so that non-typical speakers could list themselves. For me, the value of that wiki listing is in being able to email a few biographies to conference organizers, which I do often privately. It's a much more positive step than complaining about the lack of women speakers, which I'm so tired of.... But overall, the topic has felt like a waste of time because men in tech look down on women for discussing it, and it doesn't feel like anything ever changes.

Frankly I could see Sheryl getting burned out on discussing the topic (from lack of results) the way so many of us have over the past decade. I give her about 2-3 years to get frustrated and move on to other things, at least as far as speaking out in the New Yorker and at TED and college commencements and other forums. The topic gets old and you want to be constructive.. so you start thinking about other things you care about that get more traction. It's not that you don't care about women in business and tech leadership roles, but maybe the other things I've done for years like holding personal dinner parties for women business leaders, or the women in tech weekends south of Santa Cruz at the beach, are just more effective at creating connections and support between and for women in tech and business. And they don't have the downside you get when you keep bringing the issue up publicly.

What's new on this topic?

Recently, I've been rethinking: why are we still here in the same place with women in tech? Why is it that our old list of 8 or Sheryl's new list of 3 ways to push women up the leadership and tech ladders may help a little, for the tremendous effort they take, but they don't really affect the overall problem?

What is the deeper problem set here? Why talk about it again? Well, it started for me with a surprising conversation.

I chatted a few weeks ago with a friend who is a man in finance, business and banking (but no tech at all), about the problems women encounter in tech and business generally. I told him I felt often men have been socialized to be on "teams" where there is a team spirit, where they don't look to the coach to discipline someone. Instead, they do it through peer pressure, and they also don't criticize team members unless they violate a big rule that everyone knows.

How does this work in tech? I explained to my friend that often a group of guys will huddle at a conference or some event, and they are playing with their laptops and mobile devices, listening to (mainly male) presenters in sessions, and then back at the group email check and hallway conversations. The guys joke around and mostly none of them looks too closely at what anyone else is doing with their company or their products or pitches. They all joke and get along. There are some guys who do look more closely at products and companies, but you almost never hear them share their real views or anything at all critical of the other tech or guys.

Women, on the other hand, often see the flaws in those companies, or products or pitches and say so. They see how a product or algorithm can exclude or hurt people or create problems for users. How a business model won't resonate with people and why it will take about 2 years to show that no one wants what's on offer. They see what can go wrong. Why? Because we watched our moms and the other moms growing up, and we got socialized to look for the problems and to prevent disasters, and to do things fairly and equitably for everyone involved, because we (the women, the moms) would have to manage the problems, clean up the disasters and take care of anyone who was hurt.

For example, where a Dad might say, "Hey kids, let's climb the tree and we'll jump off onto our new trampoline!" And mom would say, "Wait a minute, the kids are going to jump off an 8' high branch, hit the trampoline at 4', and bounce off onto the ground and probably break things?" She would put a stop to the plan, saying "You can only jump on the middle of the trampoline and not at the edges and no jumping off anything else onto the trampoline." And while mom was a major bummer, she was also preventing broken bones, loss of school days (that might lead to having to repeat a grade if the injuries were really bad), pain and suffering, and oh yeah, if the neighbor kids got hurt, getting sued by their parents for negligence and potentially losing the house and having to move or at least getting into a major fight with those neighbors.

Yeah.. mom is really a bummer here. But in a very good way, because she is socialized to know that she will have to pick up the pieces of problems that get out of hand, nurse the sick, and see 10 steps down the road the implications of decisions. Dad on the other hand, in this scenario, is thinking of the fun.

Now, you can say there are plenty of dads that wouldn't suggest this with their kids, but I actually know a dad, who is a successful risk taker at work who makes lots of money and is considered by colleagues to be very good, who suggested this to his kids, partly because he figured he could manage it and catch any kids bouncing off the trampoline. But his wife put a stop to it. Though one kid did jump off the tree branch later when the parents weren't around and got a compound fracture out of the deal.

When there's disaster, like with the broken bones, it's the mom who usually drives the kid to school every day for three months, instead of having him ride his bike with his friends. She was the one who sacrificed a half hour every morning being late for work, and she knew what the sacrifices might be in advance of disaster striking, when she shut down the jumping-from-the-tree plan.

The real way to think about that mom, and many women's contributions in warding off disaster, is to say those women are caring about the greater good over a longer term. It's a more masculine trait to think about making a splash and more a typical feminine archetype to care about the long term risks.

These gender-specific tendencies translate to a scenario in tech and business where men often show up as more exciting, brash risk takers who if they succeed, shine in the myth of the genius who did it all. Women are often behind the scenes, managing the fall-out of risks, and frankly, putting the kibosh on some proposals (read: bummer) in companies, in tech generally, and in business. And bummer it is if you don't take kindly to women's important role in thinking critically about risks and the consequences.

How many women do you know who you would put in the high-risk-taking category?

But this difference is *exactly* why we want a mix of men and women engineering, directing, creating and sustaining, leading businesses, and shaping policy, so we get a balance of each gender's tendencies which statistically will likely make the company or product or governments far more successful and stronger than if one gender alone works toward success.

So after telling this male friend about men and women in tech, the trampoline story and my general thesis that women are "analyst critics" and that feels like a bummer for the guys, I asked what he thought about the situation.

He said, "Well, whether guys know it consciously or not, most men tend to put women into two categories: bitch or hot. She can be in both, but she has to be very hot to overcome 'the bitch' label in terms of whether a guy would talk with her or be 'friends' with her. So, while plenty of guys are socialized better because they are married or with a woman and therefore don't do this 'hot vs. bitch' assessment explicitly, no guy is going to defend a woman if all the other guys decide they don't really like her... no reason given. Or defend her if one guy starts picking on her, either to her or outside her purview, with the guys. Because we are all on the team. However, the unspoken reason is she is in the bitch category because once, once! she 'complained' about something, even if it was done constructively to solve a real problem. She had demonstrated that she could complain any time going forward and the guys know they can't be themselves around her. In other words, they have to be 'good' around her but can 'be themselves' with the guys. So now the set up becomes one where the guys have fun with each other, but are serious when any women are around, even if some of those women have never criticized or done anything to put themselves into the 'bitch' category."

Second, he noted that most men, in the face of even very mild criticism coupled with constructive solutions given from a woman, take her not as her, but rather to a place of fear. This fear is rooted in men's 2-year-old selves, deep down, where their mothers yelled at them or criticized them. So while the woman in a tech project might be saying: "Hey how about doing the project this way where something good can happen, because the other way isn't so good for the users..." the guy goes to a place where the woman co-worker is "his mother," telling him that he's wrong. The man can't hear the woman, because there are too many old filters in the way. And while again, some men have to have more criticism to get that fear going, most men aren't so conscious that they can hear criticism from women of a project, conference or company as being about the actual problem, but rather they take it to be about themselves. The criticism becomes an "ego-threat" and old defense mechanisms kick in. And criticism coming from a woman, well, lands her in "bitch jail", where the man's 2-year-old fear is triggered and the woman can't really fix that without changing the larger issue of that man's consciousness about himself.

HIM: "We are all human and feel the emotions similarly in a way: Fear feels the same for men as fear feels to women. Anger is anger for men and women. But if a man has fear.. he's what: 'a pussy.' If a woman has fear.. 'that's just how women are.' And if a man has anger, 'that's how men are.' But if a woman has anger, 'she's a bitch.' Even if she's just giving constructive criticism. Most men I know interpret any woman's criticism as inches from 'anger' no matter how nicely and constructively it's given, and therefore, she's rapidly entering 'bitch jail.'"

I have to say, I found it pretty shocking that a guy would cop to all this. And he wasn't leaving himself out of the category. Just being brutally honest.

If you're a guy reading this, and you are mad right now, I would ask yourself these questions:
Have you ever felt fear when a woman colleague has constructively criticized your project? Or did you even realize at the time you feared anything? Did you tell her, owning the fear and admitting it was your issue, not hers? Did you make it safe for her to share further criticisms? Or did you just distance yourself from the woman, and not work with her so much anymore, and did she just sort of back off from giving further feedback and instead, move away from the male members of the team? In other words, did she lean back and did you help her to be less involved?

So are you mad because my friend's words hit a nerve.. and this is uncomfortable? Because it only takes a few of these instances for a woman in tech or business to sit back and not participate as much. You may say, she's not tough enough. But she may say: why bother, if no one can take what I have to say.

I have another story, about a friend who is a partner on Sand Hill Road. She never speaks at the weekly partner meetings to review deals, until the end of the meeting (about 4 hours). She's learned that she waits until the chest beating and the competitiveness are over and the guys (the rest of the partners are, of course, all guys) have exhausted themselves and said everything they want to say. Then they look around.. and ask her what she thinks about this week's deals. Then, and only then, are they ready to listen to her. And they do. But she has leaned back. Effectively. I mean, she is a successful partner at a successful and top rated VC firm. But she leans back. Because that's how the guys can take her.

Back to my friend's and my conversation:

ME: Well.. it's true that it's not socially acceptable for a woman to express anger. Most women I know aren't even conscious of their own anger, or how much anger is inside them. They are so used to stuffing their anger, and moving on, that the anger comes out sideways. And men are right to fear that. It's not safe when men stuff fear, or women stuff anger, for anyone, because we are avoiding what is real, but complicated, and not socially acceptable. It comes out sideways for both of us. Men avoid angry women out of unconscious fear, and women try to work with men's fear, but can't, because fearful men won't include women in the real work, reducing women to things that are valued for their looks. That's a lot of sideways behavior.

Certainly I have been guilty of this.. especially prior to doing the emotional literacy work I've engaged in more recently. I have definitely stuffed anger, had it come out sideways, to others' confusion, and not owned what I was doing or feeling. It's probably been scary for men I've worked with, because I've *not talked* about anger, or released the pressure of feeling mad about the unfairness of something ... like not being taken seriously by the men in the room... or like a speaker list where organizers didn't even try to find qualified women, or disregarded dozens of qualified women. Or for example, once when I pitched to a partner's meeting in a Venture Capital firm, and had the senior partner refuse to look at me or ask me questions directly no matter how polite I was. Instead he asked all the questions to my male business partner, who turned every one over to me. Women have all had experiences like this. And we don't get mad. But everyone knows it's in there somewhere. And on and on with examples.

So if emotional literacy is the larger issue, how do we fix this? How do we get unstuck at a deeper level, than suggesting speaker training, or asking women to lean forward?

I'm not proposing we (women) try to change the guys that project the team vibe, consciously or unconsciously, who don't face their own fear, or aren't honest about their own projections and inability to own what they are doing, or speak and share their fear.

I mean, women could do a big movement to educate men and get them to shift their thinking, a la the 70s, but that's a lot of work for something I don't think, frankly, will work. I don't think women can really change the attitudes and behavior patterns men carry, especially unconsciously.

Instead, I'm proposing we (women) change us. And my friend suggests that he, and other men, have to change men. Because, he too says, "Women can't change men, rather men can only initiate each other and teach each other to feel fear constructively, consciously, honestly and safely, in order to see women as women and not through the many filters they carry now."

So how do we do that? You know when people say: "Change yourself, change the world?" Where if you change yourself, everyone reacts and they are forced to treat you differently and if they don't, you don't care anyway because you've moved on and in a way others are left either changing or being left behind? Yeah. That way to change the world.

So how do we change us?

I'm not proposing that women be more like men.. to be more "fun" or take more crazy risks. Because trying to be something you aren't -- a team player if you've never been on a team, or able to laugh with the guys like a guy, when you aren't a guy, or proposing highly risky actions -- never works.

Instead, I think the answer lies in facing our own issues, as women, and not only changing ourselves for work, but everywhere. I'm proposing that we look at how we are angry, how we stuff that and don't face it, and aren't honest about it. Which makes us unsafe to many men. I believe that if women were honest about their anger, they would reside in their own power, own it, and reasonable risks and "leaning forward" as Sheryl says, would happen naturally and without a few of us pushing women to do what doesn't feel good to them now. Because most women aren't living in their authentic power which means they haven't faced their own anger or owned it.

As my man friend named it, "Women seem to have slid backwards over the past 20 years.. they are very concerned with their appearance to the sacrifice of their own truths and personal well being." My thought exactly. There's nothing wrong with looking good. But it should be secondary, and yet many young and older women seem to be focused on that to the detriment of their own advancement. It translates into caring more about what others think about you than asking for what you deserve, speaking the truth, and risking criticism to speak what is real and authentic. Which is all pretty much a recipe for holding anger deep down in an unconscious woman.

Not being taken seriously, not seeing women speaking at tech conferences, being on the boards of companies or doing what is high level work, could add even more anger. I know from years ago, challenging the organizers of conferences about how they had none, or one or two, women speakers at an event, didn't work. And women have been angry, when conference organizers react with silence or brush off the issue. But it was an anger women didn't feel they could express, or weren't conscious of.. and yet it was there.. I could feel it. And the men understandably feared that. Because the anger was coming out sideways.. it wasn't clean, owned and direct.

So, HE continued, "If men have taken the feminist messages from the 70s (like 'who needs a man anyway?') and defaulted into emotional illiteracy, where they don't have to own their emotions, or be conscious and share their own fear, then we end up with stagnant gender roles and fear about ever letting those roles shift again. Because the effect of those messages from the 70s has hung around, and a lot of men heard those messages from women as having an underlying criticism of who we are as men and whether we are even needed. For men who come after the 70s, the sons and nephews of men of age in the 70s, those boys are getting their modeling of what men are like, what it means to be a man in the world, how to treat women and how to express their own emotions. The effects men felt in the 70s have been passed on to the current generations of men.

"There is a place where it's okay for men to express our emotions in our culture, but there is an invisible line for us, where when men cross it, the rest of the guys all point a stern finger and say to the one guy crossing the line: 'Dude, what are you being such a pussy for?' A guy who isn't emotionally literate will cave. But the guy, if he's emotionally literate, can say: 'Hey, I'm feeling some fear / anger / sadness / a threat... ' because that man is tired of having to not be himself for the sake of his friends. The truth about this is that there is a quiet revolution in men's circles across the country, THAT HASN'T YET trickled into our business and technology companies across the country.

"And so it's that distinction, that men can't yet be honest and direct. But as men begin to own their own internal emotional truth, to themselves and to each other, they'll realize that women are already there... waiting for them."

The notion is that the genders are secretly eyeing each other, where men look at the women's camp, women look at the men's camp, and if we raise the problem of women excluded from industry (tech, business, etc) and young women regressing to placing their value in the old stereotypical values like: "how do I look, how sexy am I, how desirable to the opposite sex.." this feels like a failure of the attempt women made during the feminism of the 70s to be integrated into male culture, male business and to be seen as equals.

If you accept that that 70s movement failed in a way, then it makes sense that women came into male domains (80s and 90s) and now women are receding from tech jobs from the 2000s on. (There are still women working, but the numbers in traditional male domains are down).

So why is this? Well, one view my male friend has is that men inherently felt threatened during the 70s and 80s and after. This is partly because of what he called the "fragile male ego" which he says, "...is a reality especially among men who haven't done personal work.. who aren't emotionally literate." But also some of the loudest and clearest women's voices in the 70s and 80s were making men bad and wrong. He says further, "When men talk, we tend to lump all women into one voice.. so the women were lumped together as man-haters in the 70s and 80s."

So to the extent that the women's movement was about "taking power from men" ...this reaction from men happened. And got internalized by men.

So why have men returned to excluding women? My friend says, "Men tended to stereotype what was going on around their own exclusion by 'man hating women,' and reacted out of collective fear, toward women who wanted power." That power being the ability to join men at work, in business, or tech, and be taken seriously.

My friend goes on: "Men have always been at a place of lesser emotional literacy than women, so the dialog men cannot participate in with women is something like this: (to a man) How do you feel about women working in what has been men's world? A healthy male response would be: 'I feel fear of it because there has been incendiary language by a few women and that causes me to want to fight... '."

So in other words, emotional literacy allows for a full bodied conversation, where the whole body is involved in the conversation. Where the emotions in my body can be expressed.. and it's okay on both sides of the genders.

Again, HE said, "But men aren't able to do that yet, with women. But in general they do it with men, but it's limited.. to stomach, sexuality, gut.. but that's it. And many men have been raised by mothers who are emotionally invasive, so there is also a tendency to disbelieve that a woman's desire for a full bodied emotionally aware dialog is *not* going to somehow come at a price to the man.

"So men aren't able to have a full bodied conversation with women, and women are waiting on men to get there.. to become emotionally literate.

"The problem is that when men fail to do this work, and when women don't have an equal partner (who is being emotionally aware) then women recede into a place where they try to find their value in the old stereotypical ways: valued for their looks and sexually because an equal dialog isn't really happening and neither party is really seeing each other as fully human."

ME: What about women? Why doesn't it work for us to help men?

HIM: "So if emotional literacy did happen, then men would treat women as more than tits and ass.. and women would feel that and feel able to take the risk of revealing who they are to men. That means women would be intellectually revealing, in board rooms, engineering rooms, with fully available ideas and contributions to the work.

"But the problem is, men can only do this work with men. Women can't help them. Men have to initiate men, men have to work on emotional literacy with each other, men have to make it safe to be masculine and live in their male bodies, and still express fear, even to women."

ME: So while this would change personal relationships a lot, in the context of work, men and women would see each other as humans who all have fear, feel threats, have anger, etc so we could be real about our contributions to projects, technology, development, etc. And women would be included and invited fully into speaking, leadership etc.

So this dialog between my male friend and me gives an idea of how we agreed women generally recede from the business world, because of these generalized dynamics. What my friend said above, and his take on men and women, which we both get are generalizations but also feel are generally true in our working experience, is a way to see that the lists of things women can do, like leaning forward, or getting speaker training, don't get at this deeper underlying problem to change what is happening with women in tech and business. Those suggestions are a salve covering the underlying tense and uncomfortable relations between men and women in many work and professional situations, and we can see them explicitly displayed on many a tech conference speaker's list.

If men were to become emotionally literate and transparent it would change everything across the board: technology, business, leadership, speaking, conferences, product development, even Wall Street and the recent sociopathic behavior many men there have engaged in with our financial systems, to the huge detriment worldwide of our economies and peoples. If women were to become emotionally literate, they would own their anger consciously, allowing men to feel safer in the presence of that anger.

I get that emotional literacy is a very tall order, but becoming aware of the need is a step. Talking about it is another step forward. I get it's very hard work each of us needs to do to face ourselves and our emotional truths, so that when we go to work, we are clean and clear.

The upside for our society when men and women become emotionally literate is huge. It definitely extends beyond just tech conference speakers lists. It's just that a conference speaker list is a written testament to the problem at hand. Men and women can't now see each other as just human because of the many thick filters in the way of our communication and shared goals, that hold us in more adolescent gender roles.

One of the challenges with startups and incumbent businesses alike.. is the men are often looking for the splash (an IPO or a big fast score or a big win). But women often anticipate the greater consequences and see the longer term view. If men could invite women in to really share the work, with full ability to share emotional and intellectual reality -- without judgements created through a person's own filters and projections, but rather from a place where both sides have emotional literacy -- with full ability to work toward the greater good, and long term success of the company and projects, men would succeed with less risky behavior and achieve more balance, women would succeed by bringing in their more considered approach to receive full acceptance as tech and business co-workers, co-founders and partners, leaders and contributors. And people, society, our economy, would be far more stable and successful by the work of an emotionally literate leadership and creator populace.

Just left the Quantified Self conference where I led a session in the last breakout on "building for a personal data ecosystem." Since we weren't on the official program, I was very happy to be holding something in an Infinity session. Fifteen or so people came, and I talked about Personal Data Ecosystem Consortium and our mission for a user centric data model where users control their data through agents, or Personal Data Stores. I also mentioned what I was seeing at the event, which was lots of folks building apps, making new silos of data, and repeating the model where users' data is in question as to who owns it, and users don't really have access to their data except through a service's website and possibly an API that might send a little data somewhere else (like Twitter or Facebook).

I suggested that in a Personal Data Ecosystem, app makers could take data from their users and send it straight through to the users' Personal Data Stores (PDS). That way if the app or hardware changed or ceased to support their old systems, the user would have their old data to play with in their PDS. And I talked about open formats for the data (think.. what about an open format for Heart Monitor data, where your pulse is described and you can take that data anywhere). Services could think about just providing a great service, instead of trying to manage all the user data storage and security. Users would control their data in their Personal Data Stores/Lockers/Banks, and I said that a bunch of companies were building these PDSs, including Sing.ly which is building the Locker Project.

Sing.ly happened to have someone there, Jared Hansen, who is a developer in the open source project. And there was a guy from Basis, Bashir, who is building hardware (like a wristwatch) that you monitor things like your heart rate with.. though it does monitor many other things as well on your body. We also had a couple of health researchers there, plus other health and wellness companies looking at data, as well as Ian Li of Carnegie Mellon, who is researching data collection and normalization, and a woman from the EFF. And we had a couple of users who talked about what users need.

After a few minutes, Bashir from Basis explained their dilemma around the hardware which isn't all that profitable for them. So initially they were questioning what to do with the data and how to monetize the company. Should they sell the data, or give it to users, or charge users for it, or give it away to developers who could create a great ecosystem by building lots of apps, thus driving more sales? And whose data is it?

WOW. WOW!!!!

So we were off and running, with the impromptu Basis use case of how to get the value of the data, include the user and let the user have choice and autonomy, and how to leverage what is being done out in the marketplace and with developers' creativity with data. Oh.. and don't forget about participating in microformats and Activity Streams creation to make bottom up grass-roots standards for the data formats and exchanges.

We talked through what it would mean to give away the data, support users and ask them if they wanted their data included in studies, get additional revenue for Basis while maintaining the inclusion of the user in the process and what developers could and should do. We brainstormed a lot of things, and covered the good and bad points of how it would all work and how to support Basis' market model while still being good and fair to the users.

I have no idea what Basis will do, but I would love it if they would join the Personal Data Ecosystem Consortium in the Startup Circle, to help build out ways to make a user-centric data system for users' wellness data collected with Basis hardware.

What an amazing opportunity Basis has for doing the right thing for users, and leading the wellness and personal data ecosystem by creating a win-win for themselves and users. They could create a new market for wellness data, that is user driven.

Frankly, we need more discussions like this. It's not about Do Not Track models where we kill all the data plus the value of it, and it's not about "business as usual" where the user isn't included and businesses do whatever they want with user data.

It's about creating markets that do right by users and have companies making money ethically and conversing with us in the market.

Thanks to everyone who came! We had many representatives of the relevant stakeholders and the discussion was enlightening and rare.. but one I hope to make more common in the near future!

A few thoughts. There are lots of people here from various disciplines: health care, tech companies like 23andme.com that marry personal genomics and tech, apps makers and health and wellness hardware makers. And lots of folks just wanting to track themselves.

Sessions are preprogrammed (in other words, the conference is all done top down broadcast mode), and now and then in people's statements, a person will pass along the vibe of the old style medical industry (that is: we know more than you and we'll tell you what's true.. that mode was in the opening session where we were lectured to). Though I just walked through all the sessions in round 1 and the individual break out sessions are more discussion mode which is great to see.

There was a near complete lack of consciousness about protecting users' data as I walked in and spent a few minutes in each of the first 6 sessions. The implicit assumption was that "we" (builders, companies, etc) can take data and use it for whatever "we" want. Building systems that aren't just about more silos with data lock-in, or building for a Personal Data Ecosystem model where users keep their own archives and data, and then choose where their data goes, what purpose it's used for and control what is happening isn't on the radar. It is especially important that we look at issues of privacy, control, autonomy, choice and transparency for the highly personal, very sensitive data collected around personal wellness and health.

There is a single session, led by lawyers about privacy in round 2. But the rest of the sessions do not seem to be aware at all that they need to build from concept on for privacy, data control by the users, where users keep their data and the applications, devices and monitoring tools "use" the data with permission.

And there is no session about personal data control, where the QS apps would work on a Personal Data Store. I've asked to have one.. but we'll see if they decide to let me do it. The assumption is developers will just build more silos with more data collected, about you, crossed with other data about you, that after combined, creates yet another silo of data. There may be an API available, but effectively, the data is stuck in another silo, that a regular user can't really get at it, hold it, control it, share it, correct it or delete it.

It's dismal.. thinking about how all this highly personal data is just assumed to be owned by apps makers and companies and users are just cows in a big milking system. The participants of QS are just continuing the tradition started by the health industry and continued by tech company silos in making the users say "Moo." Pick your ecosystem and prepare to be milked.

Lastly, I'm really happy to report that the QS organizers decided to order a really healthy vegetable lunch salad (with either chicken or tofu on it).. Great work on that front!

I think we need to challenge assumptions about the inputs... compare the inputs from "hoovered" personal data to that of what people assemble in personal data stores operating in a Personal Data Ecosystem.

Execs from Rapleaf and Intelius have admitted publicly, recently, that they know half their data is bad, they don't know which half. I also sat recently with the woman from Experian who is in charge of segregating and keeping separate data from the internet (versus financial data which is regulated) for their offerings about users. When I posited that a lot of her data was likely wrong, she agreed.

Users obscure their data intentionally because they are scared.

For myself, I can tell you that in the last few years, I have obscured data online (birthdate, zip code, name, address, phone number, preferences, email addresses) as well as health info (not to my doctors, but to data collectors whom I do not trust yet claim they never share the data. For example, you can't get a mammogram in SF / Children's Hosp without sharing a huge amount of very personal data.. so I made it all fake because I don't trust the lab and who they sell the data to...). And I fake it to the pharmacy when they ask for more than my basic info to fill a prescription. In fact my current insurance company has my name and birthdate a little wrong and I'm not correcting them.. because it makes it harder to aggregate my data across systems. Oh.. and my bank spells my name: Hoddler .. and has a slightly incorrect address (don't you love how they key in the wrong data!) and I'm not correcting that either.

I fake all sorts of stuff on and offline... I fail to correct bad data... I know many others do too.. I have since 1994 been faking my data online. Somehow even then, without understanding the privacy issues or how the internet worked then, I just didn't trust the system because I knew then we had no privacy protection in this country (US). As I began working with online technology in 1997, and started really understanding it, I've felt more than ever the need to obscure my data and make it difficult to combine in a pivot about me.

I get that this security by obscurity and mistakes doesn't cut it, but it's the best I can do right now.

So my question for the McKinsey research people is: have they factored this in?

And have they factored in that users have obscured enough information that me at one site cannot be aggregated with me at another site?

Or have they factored in that the people at institutions who key in the data from our driver's licenses get it wrong (my bank with my name and address) or the insurance co (my application correctly filled out.. with my name and DOB) or whatever?

The answer is to give us proper protections for our data. 4th amendment protections and rights over sharing of our data, so that we make sure the data is right. We can aggregate our own data in Personal Data Stores. Then we can trade fairly for that data if we agree to being included in the big data systems McKinsey is saying will help us so much.

I agree big data analytics can help us as a society, but not without good data, and not without including users into the system, as equitable players who deserve to have rights over our data, including choice and autonomy to participate in big data systems.

But until then.. big data is working with databases that are half right.. because we don't have choice, autonomy, rights or protections as users, and that's the first problem with McKinsey's assumptions.

A bit of Context
Obviously, this diagram is a little cynical (courtesy of Chinagrrrl), but not too far off from how we manage personal data online today. But there are a lot of proposals on the table to fix this dilemma. One is Do Not Track which industry sees as something they can self-impose on an *opt-in* basis (for themselves) and opt-out (for the users) and self-regulate by having advertising trade orgs monitor compliance, with the FTC stepping in as necessary. There are also a number of DNT bills introduced in Congress and various hearings on tracking where the FTC would regulate implementation. And Johns Kerry and McCain have introduced a Rights and Responsibilities proposal in the Senate, that instead of Do Not Track (Kerry's LA, Danny Sepulveda, told me DNT is a waste of time) suggests ways that data collectors would have to be responsible with our data. However, that bill lets 3rd party marketing, data tracking and Facebook's privacy bending ways totally off the hook. Both of these plans / legislative initiatives completely ignore the more than 40 startups and companies building for the Personal Data Ecosystem where users would collect their own data, and make use of the value, which the World Economic Forum recently said was "a new asset class".

That said, the rest of this post describes the Tracking DNT panel at Morris + King the other night.

Tracking Do Not Track
Tuesday night I was on a panel at Morris + King, a PR firm in NYC, called Tracking Do Not Track. Our hosts: Andy Morris and Dawn Barber (who co-founded NY Tech Meetup with Scott Heiferman) were very good about putting together a diverse group of people to talk about Do Not Track and the various issues with personal data and the advertising industry that have so many talking these days. My guesstimate was that about 100 people attended, mostly from industry (tech & advertising).

Our group included:
Brian Morrissey (Editor in Chief of Digiday, an ad industry trade publication) as Moderator
David Norris (CEO of Blue Cava)
Dan Jaffe (Exec VP, Govt Relations for the Assoc of National Advertisers - ANA)
Helen Nissenbaum, Professor, Media, Culture & Communication at New York University
and me: Chair of the Personal Data Ecosystem Consortium

We started off with Brian's question: who are you, what do you do in a nutshell, and what do you think of the state of online privacy these days?

I was first.. and gave a quick explanation of PDEC which is to say that we offer a middle way between Do Not Track (DNT) and what is going on now online (Business as Usual). Our middle way offers a market solution to users wanting control of their data, and wanting the tracking and digital dossier building by shadowy companies to stop. We don't believe DNT will work and don't support it, though we do see that some kind of "Rights and Responsibilities" legislation would help create a level playing field for any company that collects personal data. Those rights and responsibilities for personal data collectors need to include giving users a copy of their data, so they can then put them into personal data stores (or banks, lockers, etc) and then use the data as the person sees fit.

Oh, and I said the state of online privacy was pretty dismal, though I was optimistic because it feels like this year, it's actually possible to get personal data some basic protections similar to HIPAA or FCRA where users can get their data, and we can make the Personal Data Ecosystem emerge as a market solution that finally works for people. Granted, it's a 5-7 year proposition to really create a new market, but we can actually start this year because of the 40 or so startups that are funded and building pieces of the PDE and the push in the US Government to do something about the dismalness of online privacy.

Helen Nissenbaum, whom I've admired for years for her thoughtful approach to privacy and usability, agreed that privacy online was pretty bad, and explained her work around Adnostic, a "privacy preserving targeted advertising" system made with some Stanford folks.

By far, the best comment Helen made all night was that tracking and aggregating data that pivots on people is not ethical, that it's bad for people and for the incremental 1% improvement we might see in targeted advertising, it's not worth the incredible intrusiveness of tracking. In particular she said, "Anonymization does not change intrusiveness."

Dan Jaffe spoke next, and surprise, agreed that online privacy is not good, but talked about how publishers need to support their businesses and that behavioral advertising is helping them do it, and that Do Not Track should be self-regulated by the industry because they know their business best. And government has a tendency to screw up regulations and therefore, we should let advertisers figure out what works.

Next up was David Norris, who agreed with my use of the word, "dismal" to describe online privacy and said that Blue Cava was supporting a self-regulatory model because they didn't feel that Do Not Track as proposed for legislation was a good idea.

We chatted about the viability of Do Not Track, with Norris, Jaffe and me all agreeing it wasn't a good idea. However Jaffe said he didn't like the idea of any regulation, that the industry could do it themselves, and that my "data rights and responsibilities" support for legislation would be just as bad for data collectors.

Folks in the audience, like Esther Dyson, pushed back on Jaffe, saying that she wanted the ability to choose where and when her data was out at some vendor's site, and that's why, she said, "I'm supporting Mary and her organization" because it's a market model that gave her choice.

I was very pleased to hear her endorse us (thank you Esther!)

In the end, I think we got our message out which is that tracking individuals is a bad thing, that users should be the only ones tracking themselves across sites, but that sites can track within the site to optimize business. And that users should have a marketplace to trade data, like they do in mileage accounts, and choose when they trade, as partners, and not have it done for them in secret as is the case now. And that we want to see users' data protected with a basic set of rights, like Health, Education and Financial data currently is.

Curiously, Dan Jaffe made a comment about HIPAA, the health data protection law, suggesting that users get their health data so maybe they could get their personal data too. Given that that is a law, and he was opposed to regulation of any sort otherwise, I wasn't sure what to make of this.

However, I was really pleased with the opportunity to talk about PDEC, the startups and tech efforts to create a personal data ecosystem, and to provide a different view than the usual support for Do Not Track as we try to figure out what is best for our society.